Context Navigation

source: sandbox/filemanager/tp/fckeditor/editor/filemanager/connectors/php/util.php @ 1575

Revision 1575, 5.1 KB checked in by amuller, 14 years ago (diff)
Ticket #597 - Implentação, melhorias do modulo gerenciador de arquivos
Property svn:executable set to ``*

Line
1	<?php
2	/*
3	* FCKeditor - The text editor for Internet - http://www.fckeditor.net
4	* Copyright (C) 2003-2009 Frederico Caldeira Knabben
5	*
6	* == BEGIN LICENSE ==
7	*
8	* Licensed under the terms of any of the following licenses at your
9	* choice:
10	*
11	* - GNU General Public License Version 2 or later (the "GPL")
12	* http://www.gnu.org/licenses/gpl.html
13	*
14	* - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
15	* http://www.gnu.org/licenses/lgpl.html
16	*
17	* - Mozilla Public License Version 1.1 or later (the "MPL")
18	* http://www.mozilla.org/MPL/MPL-1.1.html
19	*
20	* == END LICENSE ==
21	*
22	* Utility functions for the File Manager Connector for PHP.
23	*/
24
25	function RemoveFromStart( $sourceString, $charToRemove )
26	{
27	$sPattern = '\|^' . $charToRemove . '+\|' ;
28	return preg_replace( $sPattern, '', $sourceString ) ;
29	}
30
31	function RemoveFromEnd( $sourceString, $charToRemove )
32	{
33	$sPattern = '\|' . $charToRemove . '+$\|' ;
34	return preg_replace( $sPattern, '', $sourceString ) ;
35	}
36
37	function FindBadUtf8( $string )
38	{
39	$regex =
40	'([\x00-\x7F]'.
41	'\|[\xC2-\xDF][\x80-\xBF]'.
42	'\|\xE0[\xA0-\xBF][\x80-\xBF]'.
43	'\|[\xE1-\xEC\xEE\xEF][\x80-\xBF]{2}'.
44	'\|\xED[\x80-\x9F][\x80-\xBF]'.
45	'\|\xF0[\x90-\xBF][\x80-\xBF]{2}'.
46	'\|[\xF1-\xF3][\x80-\xBF]{3}'.
47	'\|\xF4[\x80-\x8F][\x80-\xBF]{2}'.
48	'\|(.{1}))';
49
50	while (preg_match('/'.$regex.'/S', $string, $matches)) {
51	if ( isset($matches[2])) {
52	return true;
53	}
54	$string = substr($string, strlen($matches[0]));
55	}
56
57	return false;
58	}
59
60	function ConvertToXmlAttribute( $value )
61	{
62	if ( defined( 'PHP_OS' ) )
63	{
64	$os = PHP_OS ;
65	}
66	else
67	{
68	$os = php_uname() ;
69	}
70
71	if ( strtoupper( substr( $os, 0, 3 ) ) === 'WIN' \|\| FindBadUtf8( $value ) )
72	{
73	return ( utf8_encode( htmlspecialchars( $value ) ) ) ;
74	}
75	else
76	{
77	return ( htmlspecialchars( $value ) ) ;
78	}
79	}
80
81	/**
82	* Check whether given extension is in html etensions list
83	*
84	* @param string $ext
85	* @param array $htmlExtensions
86	* @return boolean
87	*/
88	function IsHtmlExtension( $ext, $htmlExtensions )
89	{
90	if ( !$htmlExtensions \|\| !is_array( $htmlExtensions ) )
91	{
92	return false ;
93	}
94	$lcaseHtmlExtensions = array() ;
95	foreach ( $htmlExtensions as $key => $val )
96	{
97	$lcaseHtmlExtensions[$key] = strtolower( $val ) ;
98	}
99	return in_array( $ext, $lcaseHtmlExtensions ) ;
100	}
101
102	/**
103	* Detect HTML in the first KB to prevent against potential security issue with
104	* IE/Safari/Opera file type auto detection bug.
105	* Returns true if file contain insecure HTML code at the beginning.
106	*
107	* @param string $filePath absolute path to file
108	* @return boolean
109	*/
110	function DetectHtml( $filePath )
111	{
112	$fp = @fopen( $filePath, 'rb' ) ;
113
114	//open_basedir restriction, see #1906
115	if ( $fp === false \|\| !flock( $fp, LOCK_SH ) )
116	{
117	return -1 ;
118	}
119
120	$chunk = fread( $fp, 1024 ) ;
121	flock( $fp, LOCK_UN ) ;
122	fclose( $fp ) ;
123
124	$chunk = strtolower( $chunk ) ;
125
126	if (!$chunk)
127	{
128	return false ;
129	}
130
131	$chunk = trim( $chunk ) ;
132
133	if ( preg_match( "/<!DOCTYPE\W*X?HTML/sim", $chunk ) )
134	{
135	return true;
136	}
137
138	$tags = array( '<body', '<head', '<html', '<img', '<pre', '<script', '<table', '<title' ) ;
139
140	foreach( $tags as $tag )
141	{
142	if( false !== strpos( $chunk, $tag ) )
143	{
144	return true ;
145	}
146	}
147
148	//type = javascript
149	if ( preg_match( '!type\s=\s[\'"]?\s(?:\w/)?(?:ecma\|java)!sim', $chunk ) )
150	{
151	return true ;
152	}
153
154	//href = javascript
155	//src = javascript
156	//data = javascript
157	if ( preg_match( '!(?:href\|src\|data)\s=\s[\'"]?\s*(?:ecma\|java)script:!sim', $chunk ) )
158	{
159	return true ;
160	}
161
162	//url(javascript
163	if ( preg_match( '!url\s\(\s[\'"]?\s*(?:ecma\|java)script:!sim', $chunk ) )
164	{
165	return true ;
166	}
167
168	return false ;
169	}
170
171	/**
172	* Check file content.
173	* Currently this function validates only image files.
174	* Returns false if file is invalid.
175	*
176	* @param string $filePath absolute path to file
177	* @param string $extension file extension
178	* @param integer $detectionLevel 0 = none, 1 = use getimagesize for images, 2 = use DetectHtml for images
179	* @return boolean
180	*/
181	function IsImageValid( $filePath, $extension )
182	{
183	if (!@is_readable($filePath)) {
184	return -1;
185	}
186
187	$imageCheckExtensions = array('gif', 'jpeg', 'jpg', 'png', 'swf', 'psd', 'bmp', 'iff');
188
189	// version_compare is available since PHP4 >= 4.0.7
190	if ( function_exists( 'version_compare' ) ) {
191	$sCurrentVersion = phpversion();
192	if ( version_compare( $sCurrentVersion, "4.2.0" ) >= 0 ) {
193	$imageCheckExtensions[] = "tiff";
194	$imageCheckExtensions[] = "tif";
195	}
196	if ( version_compare( $sCurrentVersion, "4.3.0" ) >= 0 ) {
197	$imageCheckExtensions[] = "swc";
198	}
199	if ( version_compare( $sCurrentVersion, "4.3.2" ) >= 0 ) {
200	$imageCheckExtensions[] = "jpc";
201	$imageCheckExtensions[] = "jp2";
202	$imageCheckExtensions[] = "jpx";
203	$imageCheckExtensions[] = "jb2";
204	$imageCheckExtensions[] = "xbm";
205	$imageCheckExtensions[] = "wbmp";
206	}
207	}
208
209	if ( !in_array( $extension, $imageCheckExtensions ) ) {
210	return true;
211	}
212
213	if ( @getimagesize( $filePath ) === false ) {
214	return false ;
215	}
216
217	return true;
218	}
219
220	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: